Common Threats to Online Business Banking Security
January 12, 2012
Home Federal Bank takes great measures to secure online banking portals and educate businesses on how to access their online banking in a secure manner.
In today’s online environment, certain types of threats are consistent while new threats emerge daily. Some of these more well-known threats include spyware (key loggers, malware), phishing, viruses, and hacking. New threats include software programs that are designed to cover their tracks, to make detection of fraud more difficult. Home Federal Bank works to help counter these threats through a variety of methods; however the vast majority of these threats are focused on the user. Criminals looking to perform online fraud target individuals first, because they expect a percentage of people will be vulnerable – it is purely a numbers game.
Security threats are effective primarily when vulnerabilities exist in computer systems, software, or business practices. Most vulnerabilities are caused by out-of-date software, lack of security software (such as antivirus software, anti-spyware, etc.), weak authentication methods, or connecting to the Internet in a wide open manner (without a firewall between you and the Internet.) Some are caused by a lack of dual control in business processes (the same person initiating and approving ACH or wire transfers for example.) The Recommended Security Controls, included in your Home Federal Business Online Banking Agreement, lay out methods that can be used by you to reduce your risk.
Spyware is the number one way that online banking credentials are stolen and used for fraudulent activities. Spyware works by capturing information either on your computer, or while it is transmitted between your computer and websites. Often times, it is installed through fake “pop up” ads asking you to download software. Industry standard Antivirus products detect and remove software of this type, usually by blocking the download and installation before it can infect your computer.
The best defense against this threat is to only download software from trusted sources, and maintain a current Antivirus product on your system which is configured to automatically update.
Phishing takes place either through phone calls, emails, or fake websites. For example, you are sent an Email message that looks legitimate, however if scrutinized closer will usually show something isn’t quite right. The message will ask you to log in to a system, either to claim a prize, “unlock” your account, or take action on something. Most Emails of this type are written to leverage the natural human emotions of curiosity or fear. When you click on the link, one of two things usually happen – either spyware is installed on your system or you are taken to a fake login screen. When attempting to log in, you will get repeated login failure messages. Why? Because they are after your credentials only, there is nothing behind the fake login screen – it only has one purpose, which is to gain access to your username and account information.
Human behavior is such that we reuse usernames and passwords for multiple online sites and accounts. Therefore, there is a high probability that the username and password combination once compromised can be used to log in to legitimate websites, providing the ability for fraud to be committed.
What is the best way to prevent phishing? By paying close attention to messages that you receive – are they asking you for information a vendor should already know about you? Please note that Home Federal Bank will never ask you for personal confidential information in an unsolicited Email.
A valuable tool in reducing unauthorized access to your online banking is the use of strong authentication methods such as security tokens. Security tokens are not only available for use at the time you log on to the system, but more importantly, for use when completing activities that carry risk. Examples are ACH file submissions and Wire transfers. For more information, reference the Recommended Security Controls, included in your Home Federal Business Online Banking Agreement.
Viruses are designed to compromise your computer systems, and allow others to gain access to your files, etc. This is different than spyware in that a virus may search for information considered to be of value, where spyware will wait for input or action from whomever is using the computer. A system that is compromised may be used to attack other systems, denying people legitimate access to services. An example would be the recent activities of the group called “Anonymous.” This group took over computer systems around the world, and used them to launch attacks on websites. These types of attacks are called “denial of service” attacks. One of the most common scenarios with viruses is where they will discover financial data such as payroll files, bank account information, and credit card information. This information is then transferred to criminals who sell it on the black market, or worse – use it for blackmail. Criminals can get anywhere from pennies to hundreds of dollars for each piece of information, depending on what it is and how they can exploit it.
So, how do you try to prevent this? Maintaining up-to-date Antivirus software is the number one method to counter this threat. Also, preventing computer systems from going directly to the Internet is important. Most cable modems, DSL modems, wireless routers, or other devices provided by Internet Service Providers (ISPs) have some firewall capabilities. If you are performing electronic commerce activities, or utilizing electronic banking services such as online ACH, wire transfers, etc. you may want to consider investing in a purpose built firewall device. This increases the level of protection available to you.
Hacking works similarly to viruses. A “hacker” uses software to probe for vulnerabilities, and then uses programming techniques, software utilities, or system commands to exploit the vulnerability. The primary objective is to gain access to your system. Once this access is obtained, you can think of it like a burglary – they search for anything of value and often times leave damage behind. More threatening are those hackers who simply take control of your system and wait, to see what information becomes available or what other systems they can gain access to.
How can you reduce your risks of being hacked? The primary way that you can reduce your risk is by having a firewall between your computers and the Internet. In addition, some businesses find, if prudent, to perform online banking activities from one or two computers only, which helps them monitor the systems more closely. We have already covered maintaining up-to-date Antivirus software, but keeping software applications up to date is critical here as well. Many programs will have auto update features which can be leveraged to do this.
What else can you do? Take the time to educate yourself about the products, services, and security capabilities available to you. One of these resources includes a Self-Assessment Tool (based on National Institute of Standards and Technology recommendations), which will help you understand where you stand today, and what you can do to improve your online security. Attend an upcoming business seminar or contact your Home Federal Business Banker for more information.
Home Federal offers Personal Banking, Business Banking, Ag Lending , Home Loans, Trust and Asset Management, and Investments. With so much to offer, learn what Home Federal can do for you.